CVE-2025-30309: XMPWorker | Out-of-bounds Read (CWE-125)
First published: Tue Apr 08 2025(Updated: )
XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe XMP Toolkit SDK | <=2023.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-30309?
CVE-2025-30309 is considered to be of medium severity due to the potential for sensitive information disclosure.
How do I fix CVE-2025-30309?
To mitigate CVE-2025-30309, update to the latest version of Adobe XMP Toolkit beyond version 2023.12.
What are the potential impacts of CVE-2025-30309?
The exploitation of CVE-2025-30309 can lead to unauthorized disclosure of sensitive memory contents.
Does CVE-2025-30309 require user interaction for exploitation?
Yes, exploitation of CVE-2025-30309 requires user interaction.
Which versions of Adobe XMP Toolkit are affected by CVE-2025-30309?
Adobe XMP Toolkit versions 2023.12 and earlier are affected by CVE-2025-30309.
- agent/weakness
- agent/title
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/author
- agent/source
- agent/severity
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe xmp toolkit sdk